1 // SPDX-License-Identifier: GPL-2.0
2 #define BPF_NO_KFUNC_PROTOTYPES
3 #include <vmlinux.h>
4 #include <bpf/bpf_tracing.h>
5 #include <bpf/bpf_helpers.h>
6 #include <bpf/bpf_core_read.h>
7
8 struct nf_conn;
9
10 struct bpf_ct_opts___local {
11 s32 netns_id;
12 s32 error;
13 u8 l4proto;
14 u8 reserved[3];
15 } __attribute__((preserve_access_index));
16
17 struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32,
18 struct bpf_ct_opts___local *, u32) __ksym;
19 struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
20 struct bpf_ct_opts___local *, u32) __ksym;
21 struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym;
22 void bpf_ct_release(struct nf_conn *) __ksym;
23 void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
24 int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
25 int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
26 int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
27
28 SEC("?tc")
29 int alloc_release(struct __sk_buff *ctx)
30 {
31 struct bpf_ct_opts___local opts = {};
32 struct bpf_sock_tuple tup = {};
33 struct nf_conn *ct;
34
35 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
36 if (!ct)
37 return 0;
38 bpf_ct_release(ct);
39 return 0;
40 }
41
42 SEC("?tc")
43 int insert_insert(struct __sk_buff *ctx)
44 {
45 struct bpf_ct_opts___local opts = {};
46 struct bpf_sock_tuple tup = {};
47 struct nf_conn *ct;
48
49 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
50 if (!ct)
51 return 0;
52 ct = bpf_ct_insert_entry(ct);
53 if (!ct)
54 return 0;
55 ct = bpf_ct_insert_entry(ct);
56 return 0;
57 }
58
59 SEC("?tc")
60 int lookup_insert(struct __sk_buff *ctx)
61 {
62 struct bpf_ct_opts___local opts = {};
63 struct bpf_sock_tuple tup = {};
64 struct nf_conn *ct;
65
66 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
67 if (!ct)
68 return 0;
69 bpf_ct_insert_entry(ct);
70 return 0;
71 }
72
73 SEC("?tc")
74 int write_not_allowlisted_field(struct __sk_buff *ctx)
75 {
76 struct bpf_ct_opts___local opts = {};
77 struct bpf_sock_tuple tup = {};
78 struct nf_conn *ct;
79
80 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
81 if (!ct)
82 return 0;
83 ct->status = 0xF00;
84 return 0;
85 }
86
87 SEC("?tc")
88 int set_timeout_after_insert(struct __sk_buff *ctx)
89 {
90 struct bpf_ct_opts___local opts = {};
91 struct bpf_sock_tuple tup = {};
92 struct nf_conn *ct;
93
94 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
95 if (!ct)
96 return 0;
97 ct = bpf_ct_insert_entry(ct);
98 if (!ct)
99 return 0;
100 bpf_ct_set_timeout(ct, 0);
101 return 0;
102 }
103
104 SEC("?tc")
105 int set_status_after_insert(struct __sk_buff *ctx)
106 {
107 struct bpf_ct_opts___local opts = {};
108 struct bpf_sock_tuple tup = {};
109 struct nf_conn *ct;
110
111 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
112 if (!ct)
113 return 0;
114 ct = bpf_ct_insert_entry(ct);
115 if (!ct)
116 return 0;
117 bpf_ct_set_status(ct, 0);
118 return 0;
119 }
120
121 SEC("?tc")
122 int change_timeout_after_alloc(struct __sk_buff *ctx)
123 {
124 struct bpf_ct_opts___local opts = {};
125 struct bpf_sock_tuple tup = {};
126 struct nf_conn *ct;
127
128 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
129 if (!ct)
130 return 0;
131 bpf_ct_change_timeout(ct, 0);
132 return 0;
133 }
134
135 SEC("?tc")
136 int change_status_after_alloc(struct __sk_buff *ctx)
137 {
138 struct bpf_ct_opts___local opts = {};
139 struct bpf_sock_tuple tup = {};
140 struct nf_conn *ct;
141
142 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
143 if (!ct)
144 return 0;
145 bpf_ct_change_status(ct, 0);
146 return 0;
147 }
148
149 char _license[] SEC("license") = "GPL";
150
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.